(54) Decoder and security module for a digital transmission system



(57) A decoder 12 in particular for a digital television system and adapted to receive a transport packet stream containing table or section data encapsulated within the packet payloads. The decoder is characterised in comprising a means 80 for filtering table or section data configurable in response to filter data received from a portable security module 30 such as a smart card.

The invention equally extends to a portable security module 30 including a memory holding such data as is necessary to configure the table or section filter 80, and a method for processing a transport packet stream including encapsulated table and section data using such a decoder 12 and security module 30.

In a preferred embodiment the filter 80 is adapted to filter out conditional access messages in response to the table or section filter data received from the portable security module 30, these messages being thereafter forwarded to the security module for processing.

Description

[0001] The present invention relates to a decoder and security module for a transmission system and method of operating a decoder and security module, in particular for use in a digital television system.

[0002] Conventional digital television broadcast systems transmit data [...] or transport packets, each packet being of a predetermined length and containing a header and a payload. The MPEG standard is the currently favoured standard in this domain and sets out, amongst other things, a predetermined format for such packets.

[0003] The packet header comprises general descriptive data regarding the packet whilst the payload comprises the data to be processed at the receiver. The packet header includes at least a packet ID or PID identifying the packet. The payload of the packet may contain audio, video or other data such as application data or, in particular, conditional access system data.

[0004] Conventionally, the incoming data stream is filtered by a receiver/decoder according to the PID of each packet. Data requiring immediate processing such as audio or visual data is communicated to an appropriate processor in the form of what is conventionally known as a packetised elementary stream or PES. This continuous flux of data, which is formed by assembling the payloads of the transport packets, itself comprises a sequence of packets, each PES packet comprising a packet header and payload.

[0005] Other data not requiring immediate processing may also be encapsulated within the payloads of the transport packets. Unlike PES data, which is treated immediately by a processor to generate a real time output, this sort of data is typically processed in an asynchronous manner by the decoder processor. In this case, data is formatted in a single table or a series of sections or tables, each including a header and a payload, the header of the section or table including a table ID or TID.

[0006] In the case where the access to a transmission is to be restricted, for example, in a pay TV system, conditional access data may be included in a table or section broadcast in the transport stream with the transmission. This conditional access data is filtered by the receiver/decoder and passed to a portable security module, such as smart card, inserted in the decoder. The data is then processed by the smart card in order to generate, for example, a control word subsequently used by the decoder to descramble a transmission.

[0007] One problem with known systems lies in the volume of data that will be received and processed by the receiver/decoder and notably the volume of conditional access messages eventually forwarded to the smart card or security module. In particular, the processing capabilities of a smart card processor and the capacity of the communication channel between the decoder and smart card may be insufficient to handle a given volume of messages. This problem is exacerbated by the increasing tendency for programmes to be transmitted with multiple conditional access messages enabling access by different operators to the same programme (e.g. a football match or a thematic television channel).

[0008] According to the present invention, there is provided a decoder for a digital [...] receive a transport packet stream containing table, section or other packetised data encapsulated within the packet payloads and characterised in that the decoder comprises a means for filtering the encapsulated data configurable in response to filter data received from a portable security module.

[0009] Filtering data at the table or section level in response to information from the security module enables a more precise identification and selection of data to be carried out, for example, to extract relevant conditional access messages addressed to the module. In practice, and as will be described below, this filtering at the table or section level may be carried out after and in addition to a filtering carried out at the transport packet level.

[0010] Preferably, the means for filtering encapsulated data is configurable in response to filter data comprising at least a table ID or section ID value transmitted by the portable security module. The means for filtering encapsulated data may equally be configurable in accordance with other data received from the portable security module.

[0011] In a preferred embodiment, the means for filtering encapsulated data is further adapted to forward to the security module conditional access data obtained in accordance with the filter data received from the security module.

[0012] Whilst the present invention is particularly adapted to enable a reduction of the volume of conditional access messages communicated between the decoder and the module, it will be nevertheless appreciated that the encapsulated data may be configured by the security module to extract data other than conditional access data and having a destination other than the security module.

[0013] Conditional access data filtered and forwarded to the security module may comprise entitlement control messages (ECMs) and/or entitlement management messages (EMMs).

[0014] Even within a group of messages associated with a single conditional access system there may be a large number of messages irrelevant to a particular user within that system. For example, within a single conditional access system a number of different groups of users may be defined leading to the generation of a number of EMMs, not all of which may be relevant to a given user.

[0015] Preferably therefore, filter data provided by the security module comprises data used by the filter means to extract group and/or individual entitlement management messages addressed to the security module.

[0016] In one embodiment, the decoder is adapted to receive a control word generated by the security module in response to the conditional access data forwarded thereto, the control word being used by the decoder to descramble a scrambled transmission.
[0017] In addition to a filtering at the table or section level, the decoder may [...] in order, for example, to extract only those packets comprising data associated with the particular conditional access system used by the security module. Preferably, therefore the decoder further comprises a means for filtering transport packet data configurable in response to data received from the security module.

[0018] Advantageously, the means for filtering transport packet data may be configurable in response to data representing the identity of the conditional access system received from the security module.

[0019] In one embodiment, the transport packet filtering means is adapted to extract transport packets containing a program map table and a conditional access table, the decoder further comprising selection means adapted to receive the program map table and conditional access table from the transport packet filtering means and conditional access identity data from the security module and thereafter configure the transport packet filtering means to extract transport packet data associated with the conditional access system in question.

[0020] In order to preserve security in the system, some or all communications between the security module and the decoder may be encrypted. In particular, the descrambling control word generated by the security module and eventually transmitted to the decoder may be encrypted.

[0021] The present invention has been described above in relation to a decoder. Other aspects of the invention relate to a method of filtering encapsulated data in a transport packet stream and a security module for use with a decoder [...] method of the present invention. In one embodiment the security module may conveniently comprise a smart card.

[0022] Whilst the present invention may apply to any packet transmission system comprising [...] and a table or section layer, the present invention is particularly applicable to a decoder adapted to receive an MPEG compatible data stream.
[0023] In this regard, the term "table, section or other packetised data" refers [...] alone or in a sequence, and comprising a header and payload and that is encapsulated [...] stream. As will be described in the preferred embodiment, the present invention is particularly applicable to filtering of data contained within an MPEG table, notably a single MPEG short form table. Other embodiments are nevertheless conceivable, for example, in which filtering is carried out on PES packets encapsulated within the transport packet payloads.

[0024] In the context of this application, the term MPEG refers to the data transmission standards developed [...] International Standards Organisation working group "Motion Pictures Expert Group" and in particular but not exclusively the MPEG-2 standard developed for digital television applications [...] 13818-2, ISO 13818-3 and ISO 13818-4. In the context of the present patent application, [...] variants, modifications or developments of MPEG formats applicable to the field [...]

[0025] As used herein, the term "smart card" includes, but not exclusively so, any chip-based card device, or object of similar function and performance, possessing, for example, microprocessor and/or memory storage. Included in this term are devices having alternative physical forms to a card, for example key-shaped devices such as are often used in TV decoder systems.

[0026] The term "decoder" or "receiver/decoder" used herein may connote a receiver for receiving either encoded or non-encoded signals, for example, television and/or radio signals, which may be broadcast or transmitted by some other means. Embodiments of such receiver/decoders may include a decoder integral with the receiver for decoding the received signals, for example, in a "set-top box", a decoder functioning in combination with a physically separate receiver, as well as a decoder including additional functions, such as a web browser or integrated with a video recorder or a television.

[0027] As used herein, the term "digital transmission system" includes any transmission system for transmitting or broadcasting digital data, for example primarily audiovisual or multimedia digital data. Whilst the present invention is particularly applicable to a broadcast digital television system, the invention may also be applicable to a fixed telecommunications network for multimedia internet applications, to a closed circuit television, and so on.

[0028] As used herein, the term "digital television system" includes for example any satellite, terrestrial, cable and other system.

[0029] There will now be described, by way of example only, a preferred embodiment of the invention, with reference to the following figures, in which:

Figure 1 shows the overall architecture of a digital TV system according to this embodiment;

Figure 2 shows the architecture of the conditional access system of Figure 1;


EP 0 964 572 A1 



Figure 3 shows the hierarchy of MPEG-2 packets, in particular those associated with conditional access messages;

Figure 4 shows the structure of long form and short form MPEG-2 private sections;

Figure 5 shows the elements of a receiver/decoder for use in this embodiment;

Figure 6 shows the elements of the receiver/decoder used to process the transport stream, in particular in relation to conditional access messages; and

Figure 7 shows the structure of the PID and section filters of the filter unit of Fig. 6.

[0030] An overview of a digital television broadcast and reception system 1 is shown in Figure 1. The invention includes a mostly conventional digital television system 2 which uses the MPEG-2 compression system to transmit compressed digital signals. In more detail, MPEG-2 compressor 3 in a broadcast centre receives a digital signal stream (for example a stream of audio or video signals). The compressor 3 is connected to a multiplexer and scrambler 4 by linkage 5. The multiplexer 4 receives a plurality of further input signals, assembles one or more transport streams and transmits compressed digital signals to a transmitter 6 of the broadcast centre via linkage 7, which can of course take a wide variety of forms including telecom links.

[0031] The transmitter 6 transmits electromagnetic signals via uplink 8 towards a satellite transponder 9, where they are electronically processed and broadcast via a national downlink 10 to earth receiver 11, conventionally in the form of a dish owned or rented by the end user. The signals received by receiver 11 are transmitted to an integrated receiver/decoder 12 owned or rented by the end user and connected to the end user's television set 13. The receiver/decoder 12 decodes the compressed MPEG-2 signal into a television signal for the television set 13.

[0032] A conditional access system 20 is connected to the multiplexer 4 and the receiver/decoder 12, and is located partly in the broadcast centre and partly in the decoder. It enables the end user to access digital television broadcasts from one or more broadcast suppliers. A smartcard, capable of decrypting messages relating to commercial offers (that is, one or several television programmes sold by the broadcast supplier), can be inserted into the receiver/decoder 12. Using the decoder 12 and smartcard, the end user may purchase events in either a subscription mode or a pay-per-view mode.

[0033] An interactive system 17, also connected to the multiplexer 4 and the receiver/decoder [...] partly in the broadcast centre and partly in the decoder, may be provided to enable the end user to interact with various applications via a modemmed back channel 16.

[0034] The conditional access system 20 will now be described in more detail.

[0035] With reference to Figure 2, in overview the conditional access system 20 includes a Subscriber Authorization System (SAS) 21. The SAS 21 is connected to one or more Subscriber Management Systems (SMS) 22, one SMS for each broadcast supplier, by a respective TCP-IP linkage 23 (although other types of linkage could alternatively be used). Alternatively, one SMS could be shared between two broadcast suppliers, or one supplier could use two SMSs, and so on.

[0036] First encrypting units in the form of ciphering units 24 utilising "mother" smartcards 25 are connected to the SAS by linkage 26. Second encrypting units again in the form of ciphering units 27 utilising mother smartcards 28 are connected to the multiplexer 4 by linkage 29. The receiver/decoder 12 receives a "daughter" smartcard 30. It is connected directly to the SAS 21 by Communications Servers 31 via the modemmed back channel 16. The SAS sends, amongst other things, subscription rights to the daughter smartcard on request.

[0037] The smartcards contain the secrets of one or more commercial operators. The "mother" smartcard encrypts different kinds of messages and the "daughter" smartcards decrypt the messages, if they have the rights to do so.

[0038] The first and second ciphering units 24 and 27 comprise a rack, an electronic VME card with software stored on an EEPROM, up to 20 electronic cards and one smartcard 25 and 28 respectively, for each electronic card, one card 28 for encrypting the ECMs and one card 25 for encrypting the EMMs.

[0039] The operation of the conditional access system 20 of the digital television system will now be described in more detail with reference to the various components of the television system 2 and the conditional access system 20.

Multiplexer and Scrambler

[0040] With reference to Figures 1 and 2, in the broadcast centre, the digital audio or video signal is first compressed (or bit rate reduced), using the MPEG-2 compressor 3. This compressed signal is then transmitted to the multiplexer and scrambler 4 via the linkage 5 in order to be multiplexed with other data, such as other compressed data.

[0041] The scrambler generates a control word used in the scrambling process and included in the MPEG-2 stream in the multiplexer. The control word is generated internally and enables the end user's integrated receiver/decoder 12 to descramble the programme.

[0042] Access criteria, indicating how the programme is commercialised, are also added to the MPEG-2 stream. The programme may be commercialised in either one of a number of "subscription" modes and/or one of a number of "Pay Per View" (PPV) modes or events. In the subscription mode, the end user subscribes to one or more commercial offers, or "bouquets", thus giving the rights to watch every channel inside those bouquets. In the preferred embodiment, up to [...]0 commercial offers may be selected from a bouquet of channels.

[0043] In the Pay Per View mode, the end user is provided with the capability to purchase events as he wishes. This can be achieved by either pre-booking the event in advance ("pre-book mode"), or by purchasing the event as soon as it is broadcast ("impulse mode"). In the preferred embodiment, all users are subscribers, whether or not they watch in subscription or PPV mode, but of course PPV viewers need not necessarily be subscribers.

Entitlement Control Messages

[0044] Both the control word and the access criteria are used to build an Entitlement Control Message (ECM). This is a message sent in relation with a scrambled program; the message contains a control word (which allows for the descrambling of the program) and the access criteria of the broadcast program. The access criteria and control word are transmitted to the second encrypting unit 27 via the linkage 29. In this unit, an ECM is generated, encrypted and transmitted on to the multiplexer and scrambler 4. During a broadcast transmission, the control word typically changes every few seconds, and so ECMs are also periodically transmitted to enable the changing control word to be descrambled. For redundancy purposes, each ECM typically includes two control words; the [...] control word.

[0045] Each service broadcast by a broadcast supplier in a data stream comprises a number of distinct components; for example a television programme includes a video component, an audio component, a sub-title component and so on. Each of these components of a service is individually scrambled and encrypted for subsequent broadcast to the transponder 9. In respect of each scrambled component of the service, a separate ECM is required. Alternatively, a single ECM may be required for all of the scrambled components of a service. Multiple ECMs are also generated in the case where multiple conditional access systems control access to the same transmitted program.

Programme Transmission

[0046] The multiplexer 4 receives electrical signals comprising encrypted EMMs from the SAS 21, encrypted ECMs from the second encrypting unit 27 and compressed programmes from the compressor 3. The multiplexer 4 scrambles the programmes and sends the scrambled programmes, the encrypted [...] 6 of the broadcast centre via the linkage 7. The transmitter 6 transmits electromagnetic signals towards the satellite transponder 9 via uplink 8.

Programme Reception 

[0047] The satellite transponder 9 receives and processes the electromagnetic signals transmitted by the transmitter 6 and transmits the signals on to the earth receiver 11, conventionally in the form of a dish owned or rented by the end user, via downlink 10. The signals received by receiver 11 are transmitted to the integrated receiver/decoder 12 owned or rented by the end user and connected to the end user's television set 13. The receiver/decoder 12 demultiplexes the signals to obtain scrambled programmes with encrypted EMMs and encrypted ECMs.

[0048] If the programme is not scrambled, that is, no ECM has been transmitted with the MPEG-2 stream, the receiver/decoder 12 decompresses the data and transforms the signal into a video signal for transmission to television set 13.

[0049] If the programme is scrambled, the receiver/decoder 12 extracts the corresponding ECM from the MPEG-2 stream and passes the ECM to the "daughter" smartcard 30 of the end user. This slots into a housing in the receiver/decoder 12. The daughter smartcard 30 controls whether the end user has the right to decrypt the ECM and to access the programme. If not, a negative status is passed to the receiver/decoder 12 to indicate that the programme cannot be descrambled. If the end user does have the rights, the ECM is decrypted and the control word extracted. The decoder 12 can then descramble the programme using this control word. The MPEG-2 stream is decompressed and translated into a video signal for onward transmission to television set 13.

Entitlement Management Messages (EMMs)

[0050] The EMM is a message dedicated to an individual end user (subscriber), or a group of end users. Each group may contain a given number of end users. This organisation as a group aims at optimising the bandwidth; that is, access to one group can permit the reaching of a great number of end users.

[0051] Various specific types of EMM can be used. Individual EMMs are dedicated to individual subscribers, and are typically used in the provision of Pay Per View services; these contain the group identifier and the position of the subscriber in that group.

[0052] Group subscription EMMs are dedicated to groups of, say, 256 individual users, and are typically used in the administration of some subscription service. This EMM has a group identifier and a subscribers' group bitmap.

[0053] Audience EMMs are dedicated to entire audiences, and might for example be used by a [...] provide certain free services. An "audience" is the totality of subscribers having smartcards which bear the same conditional access system identifier (CA ID). Finally, a "unique" EMM is addressed to the unique identifier of the smartcard.

Subscriber Management System (SMS)

[0054] A Subscriber Management System (SMS) 22 includes a database 32 which manages, amongst others, all of the end user files, commercial offers, subscriptions, PPV details, and data regarding end user consumption and authorization. The SMS may be physically remote from the SAS.

[0055] Each SMS 22 transmits messages to the SAS 21 via respective linkage 23 which imply modifications to or creations of Entitlement Management Messages (EMMs) to be transmitted to end users.

[0056] The SMS 22 also transmits messages to the SAS 21 which imply no modifications or creations of EMMs but imply only a change in an end user's state (relating to the authorization granted to the end user when ordering products or to the amount that the end user will be charged).

[0057] The SAS 21 sends messages (typically requesting information such as call-back information [...]) to the SMS 22, so that it will be apparent that communication between the two is two-way.

Subscriber Authorization System (SAS) 

[0058] The messages generated by the SMS 22 are passed via linkage 23 to the Subscriber Authorization System (SAS) 21, which in turn generates messages acknowledging receipt of the messages generated by the SMS 21 and passes these acknowledgements to the SMS 22.

[0059] In overview the SAS comprises a Subscription Chain area to give rights for subscription mode and to renew the rights automatically each month, a Pay Per View Chain area to give rights for PPV events, and an EMM Injector for passing EMMs created by the Subscription and PPV chain areas to the multiplexer and scrambler 4, and hence to feed the MPEG stream with EMMs. If other rights are to be granted, such as Pay Per File (PPF) rights in the [...] loading computer software to a user's Personal Computer, other similar areas are also provided.

[0060] One function of the SAS 21 is to manage the access rights to television programmes, available as commercial offers in subscription mode or sold as PPV events according to different modes of commercialisation (pre-book mode, impulse mode). The SAS 21, according to those rights and to information received from the SMS 22, generates EMMs for the subscriber.

[0061] The EMMs are passed to the Ciphering Unit (CU) 24 for ciphering with respect to the management and exploitation keys. The CU completes the signature on the EMM and passes the EMM back to a Message Generator (MG) in the SAS 21, where a header is added. The EMMs are passed to a Message Emitter (ME) as complete EMMs. The Message Generator determines the broadcast start and stop time and the rate of emission of the EMMs, and passes these as appropriate directions along with the EMMs to the Message Emitter. The MG only generates a given EMM once; it is the ME which performs cyclic transmission of the EMMs.

[0062] On generation of an EMM, the MG assigns a unique identifier to the EMM. When the MG passes the EMM to the ME, it also passes the EMM ID. This enables identification of a particular EMM at both the MG and the ME.

[0063] In systems such as simulcrypt which are adapted to handle multiple conditional access systems, e.g. associated with multiple operators, EMM streams associated with each conditional access system are generated separately and multiplexed together by the multiplexer 4 prior to transmission.

Conditional Access Messages in the Transport Stream

[0064] The different nature of ECM and EMM messages leads to differences vis-à-vis the mode of transmission of the messages in the MPEG transport stream. ECM messages, which carry the control words needed to descramble a programme, are necessarily linked to the video and audio streams of the programme being transmitted. In contrast, EMM messages are general messages broadcast asynchronously to transmit rights information to individual or groups of customers. This difference is reflected in the placing of ECM and EMM messages within the MPEG transport stream.

[0065] As is known, MPEG transport packets are of a fixed length of 188 bytes including a header. In a standard packet the three bytes of the header following the synchronisation data comprise:

TABLE I

Transport error indicator      1 bit
Payload unit indicator         1 bit
Transport priority             1 bit
PID                            13 bits
Transport scrambling control   2 bits
Adaptation field control       2 bits
Continuity counter             4 bits

[0066] The characteristics of these fields are largely determined by the MPEG standard.

[0067] Referring to Figure 3, the organisation of data within a transport stream will be described. As shown, the transport stream contains a programme association table 40 ("PAT"), the PID in the header of the packet being fixed by the MPEG-2 standard at a value of 0x00. The programme access table 40 provides the entry point for access to programme data and contains a table referring to the PID values of the programme map tables ("PMT") 41, 42 associated with a number of programmes. Each programme map table 41, 42 contains in turn a reference to the PID [...] streams of the audio tables 43 and video tables 44 of that programme.

[0068] As shown, the programme map table 42 also contains references to the PID values of packets 45, 46 containing additional data relating to the programme in question. In the present case, ECM data generated by a number of conditional access systems and associated with the programme in question is contained within the referred packets 45, 46.

[0069] In addition to the programme access table PAT 40, the MPEG transport stream further comprises a conditional access table 47 ("CAT"), the PID value of which is fixed at 0x01. Any packet headers containing this PID value are thus automatically identified as containing access control information. The CAT table 47 refers to the PID values of MPEG packets 48, 49, 50 associated with EMM data associated with one or more conditional access systems. As with the PMT packets, the PID values of the EMM packets referred to in the CAT table are not fixed and may be determined at the choice of the system operator.
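
As an added illustration (not part of the patent text), the C sketch below walks a conditional access table and returns the EMM PID announced for a given conditional access system, which is the value the selection means of paragraph [0019] would load into the transport packet filter. It goes beyond the page in relying on the CA_descriptor layout of ISO/IEC 13818-1; the function name, the sample section, the CA system ids and the PIDs are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CAT_TABLE_ID      0x01  /* table id of the conditional access table */
#define CA_DESCRIPTOR_TAG 0x09  /* CA_descriptor tag in ISO/IEC 13818-1 */

/* Constructed CAT section listing two conditional access systems.
 * CA system ids 0x1234 / 0x5678 and EMM PIDs 0x0100 / 0x0200 are made up;
 * the CRC_32 bytes are zero because this example does not verify the CRC. */
static const uint8_t SAMPLE_CAT[] = {
    0x01, 0xB0, 0x15,                   /* table id, long form, section length 21 */
    0xFF, 0xFF, 0xC1, 0x00, 0x00,       /* reserved, version, section numbers */
    0x09, 0x04, 0x12, 0x34, 0xE1, 0x00, /* CA system 0x1234 -> EMM PID 0x0100 */
    0x09, 0x04, 0x56, 0x78, 0xE2, 0x00, /* CA system 0x5678 -> EMM PID 0x0200 */
    0x00, 0x00, 0x00, 0x00              /* CRC_32 (not checked here) */
};

/* Return the EMM PID announced for ca_system_id, or -1 if absent or malformed. */
int cat_find_emm_pid(const uint8_t *sec, size_t n, uint16_t ca_system_id)
{
    size_t len, pos, end;

    if (n < 12 || sec[0] != CAT_TABLE_ID || !(sec[1] & 0x80))
        return -1;                          /* not a long-form CAT section */
    len = ((size_t)(sec[1] & 0x0F) << 8) | sec[2];
    if (len < 9 || 3 + len > n)
        return -1;                          /* length field disagrees with buffer */
    end = 3 + len - 4;                      /* descriptors stop before CRC_32 */
    for (pos = 8; pos + 2 <= end; pos += 2 + (size_t)sec[pos + 1]) {
        size_t dlen = sec[pos + 1];
        if (pos + 2 + dlen > end)
            return -1;                      /* descriptor overruns the section */
        if (sec[pos] == CA_DESCRIPTOR_TAG && dlen >= 4 &&
            (((unsigned)sec[pos + 2] << 8) | sec[pos + 3]) == ca_system_id)
            return ((sec[pos + 4] & 0x1F) << 8) | sec[pos + 5];  /* 13-bit CA_PID */
    }
    return -1;
}

int main(void)
{
    /* The card reports its CA system id; the decoder loads the matching PID. */
    printf("EMM PID for 0x5678: 0x%04X\n",
           (unsigned)cat_find_emm_pid(SAMPLE_CAT, sizeof SAMPLE_CAT, 0x5678));
    return 0;
}
```

A decoder holding a card for an unlisted system gets -1 and has no EMM PID to configure; a length field that runs past the buffer is rejected rather than read.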


[0070] In conformity with the MPEG-2 standard, information contained within a packet payload is subject to a further level of structure according to the type of data being transported. In the case of audio, visual, teletext, subtitle or other such rapidly evolving and synchronised data, the information is assembled in the form of what is known as a packetised elementary stream or PES. This data stream, which is formed by assembling the payloads of the transmitted packets, itself comprises a sequence of packets, each packet comprising a packet header and payload. Unlike the transmitted packets in the transport stream, the length of PES packets is variable.

[0071] In the case of other data, such as application data or, in this example, ECM and EMM data, a different format from PES packeting is prescribed. In particular, data contained in the transport packet payload is divided into a series of sections or tables, the table or section header including a table ID or TID identifying the table in question. Depending on the size of the data, a section may be contained entirely within a packet payload or may be extended in a series of tables over a number of transport packets. In the MPEG-2 context, the term "table" is often used to refer to a single table of data, whilst "section" refers to one of a plurality of tables with the same TID value.

[0072] As with transport packet data and PES packet data, the data structure of a table or section is additionally defined by the MPEG-2 standard. In particular, two possible syntax forms for private table or section data are proposed; a long form or a short form, as illustrated in Figure 4.

[0073] In both the short and long form, the header includes at least the data 60 comprising:



TABLE II

Table id                       8 bits
Section syntax indicator       1 bit
Private indicator/reserved     1 bit
ISO reserved                   2 bits
Section length                 12 bits

[0074] The private indicator and private section lengths are comprised of data not fixed by the MPEG-2 standard and which may be used by the system operator for his own purposes.

[0075] In the case of short form, the header 60 is immediately followed by the payload 61. In the case of the long form, a further header section 62 is provided before the payload 63 and the message equally includes a CRC check value 64. The long form, which is typically used when a message is so long that it must be divided into a number of sections, contains the information necessary to assemble the sections, such as the section number, the number of the last section in the sequence of sections etc.

[0076] For further information regarding the long and short form table data, the reader is directed to the MPEG-2 standard.

[0077] In the case of conditional access ECM and EMM messages, the data may usually be accommodated in a single table and the short form will be the appropriate format. A specific syntax for such short form conditional access messages is proposed in the context of the present invention, namely:

TABLE III

Table id (filter data)                   8 bits (1 byte)
Section syntax indicator                 1 bit
Private indicator/reserved               1 bit
ISO reserved                             2 bits
Section length                           12 bits
CA specific header field (filter data)   56 bits (7 bytes)

[0078] For such CA messages, the table id value may be set by the system operator at, for example, 0x80 and 0x81 for ECM messages (for example, odd and even messages) and 0x82 to 0x8F for EMM messages. These values are not MPEG-2 prescribed and may be chosen at the discretion of the system operator.

[0079] Equally, in the case of the CA specific header field, hereby designated as the first 7 bytes of the payload following the header, the parameters may be set by the system operator to reflect, for example, the fact that the CA message is an EMM message carrying individual, group or audience subscription information. In this manner the "header" of such a table or section is extended.

[0080] The advantages of such message syntax will become clear later, with regard to the processing and filtering of messages by the receiver/decoder, notably by using the Table id and CA specific field data.

Receiver/decoder

[0081] Referring to Figure 5, the elements of a receiver/decoder 12 or set-top box for use in a digital broadcast system and adapted to be used in the present invention will now be described. As will be understood, the basic elements of this decoder are largely conventional and their implementation will be within the capabilities of one skilled in the art.

[0082] As shown, the decoder 12 is equipped with several interfaces for receiving and transmitting data, in particular a tuner 70 for receiving broadcast MPEG transmissions, a serial interface 71, a parallel interface 72, and a modem 73 for sending and receiving data via the telephone network. The decoder also includes a first and second smart card reader 74 and 75, the first reader 74 for accepting the subscription smart card and the second reader 75 for accepting bank and/or other smart cards.

[0083] The decoder also includes a receiver 76 for receiving infra-red control signals from a handset remote control 77 and a Peritel output for sending audiovisual signals to a television 13 connected to the decoder.

[0084] Processing of digital signals received via the interfaces and generation of output signals is handled by an ensemble of hardware and software elements here grouped together as a central control unit 78. The software architecture of the control unit within the decoder may correspond to that used in a known decoder and will not be described here in any detail. It may be based, for example, on a virtual machine interacting via an interface layer with a lower level operating system implemented in the hardware components of the decoder. In terms of hardware architecture, the control unit 78 will be equipped with a processor, memory elements such as ROM, RAM, FLASH memory etc. as in known decoders.

[0085] Applications processed by the control unit 78 may be resident applications
decoder or applications broadcast and downloaded via the MPEG interface 2 of the decoder. Applications can include program guide applications, games, interactive services, teleshopping applications, as well as initiating applications to enable the decoder to be immediately operational upon start-up and applications for configuring aspects of the decoder. Applications are stored in memory locations in the decoder and represented as resource files comprising graphic object descriptions files, unit files, variable block files, instruction sequence files, applications files, data files etc.

Filtering of Conditional Access Data

[0086] Figure 6 shows in schematic form the elements necessary for processing packet and table data in accordance with this embodiment of the invention. As will be understood, the elements shown in this figure may be implemented in hardware, software or in combination of the two.

[0087] The broadcast transmissions received from the satellite receiver are passed via the conventional tuner 70 and an associated demodulator unit 79. The tuner 70 typically scans a range of frequencies, stopping when a chosen carrier frequency is detected within that range. The signals are then treated by the demodulator unit 79 which extracts and forwards the transport packet stream to a demux and filter unit 80. The filter structure of the demux and filter unit 80 will be described in detail below in relation to Figure 7. As will be understood, the actual choice of components needed to implement such a unit is at the discretion of the manufacturer and the most important aspect of such a unit is the chosen filter configuration.

[0088] In the case of data encrypted in accordance with a conditional access
the filter unit interacts with a smart card 30 (or any other secure device) inserted in the decoder 12 and a channel parameter application 81, typically implemented as a software application in the decoder.

[0089] The filter unit 80 extracts from the transport packet stream the PMT and CAT tables present in the stream. Referring back to Figure 3, this filtering operation is carried out at a PID level, the CAT table being identified by the PID value 0x01 and the appropriate PMT table corresponding to the chosen broadcast channel being extracted via the PAT table (PID value: 0x00) and the PID value of the chosen channel identified in the table.

[0090] The channel parameter application 81 additionally receives from the smart card
conditional access system associated with that smart card. Again, re
tem is associated with ECM and EMM data in the packets 45 and 48, respectively. Using the conditional access system ID received from the smart card 30 and the PMT and CAT tables rec
mines the PID values of the conditional access packets associated with the conditional access system in question and returns these values to the filter unit 80.

[0091] In the case of a simplified system, where a relatively small number of ECM and EMMs are emitted, no other filtering may be necessary and these PID values may be used by the filter unit 80 to extract all relevant ECM and EMM private sections from the identified packets and to thereafter forward the data contained within these sections to the smart card 30.

[0092] This conditional access data is then processed by the microprocessor within the smart card 30 and the control word associated with the transmission passed to a descrambling unit 83. The descrambling unit 83 receives scrambled audiovisual or other data information extracted from the transport packet stream by the demux and filter unit 80, descrambles the information using the control word and thereafter passes the data to a conventional MPEG-2 chip which prepares the data for subsequent display on the associated television display.

[0093] However, whilst a PID level filter enables an extraction of those ECM and EMM messages associated exclusively with the conditional access system in question, there may nevertheless be a large proportion of messages irrelevant to the user. These messages may include group EMM messages for other user groups, individual EMM messages for other users etc. The throughput of conditional access messages passed to the smart card may therefore be very high. Given the limitations of the processor power and memory of smart cards, this throughput may be in practice more than the card can handle.

[0094] In order to overcome this problem, the smartcard 30 is adapted to pass further filter data to the unit 80 for use in a section or table level filter process.

[0095] Referring to the Table III above, tables containing conditional access data include Table id and CA specific header fields which are chosen to identify, for example, the presence of an EMM or ECM (table id values 0x80 or 0x81 and 0x82 to 0x8F, respectively) and the type of message (CA specific data identifying the group concerned by a group EMM message, the presence of an audience EMM message etc.). Depending on the data that it requires, the smart card 30 will send the necessary table id and CA specific data to configure the filter unit to extract and return only those conditional access messages of interest to the smart card. In this way, the flow of data sent to the smart card may be reduced to conform with the processing capabilities of the smart card microprocessor.

[0096] Referring to Figure 7, the details of the filtering unit 80 will be described. Typically, the unit may be implemented as a hardware resource, driven by a firmware managing application with the receiver/decoder. As shown, a first set of filters 85 carries out a PID filtering process using the CA PID information received from the channel parameter application. The PID filters 85 may equally be configured to extract other relevant packets such as the PMT, CAT tables sent to the channel parameter application. Other PID filters (not shown) may be used to extract the audiovisual PES packet information eventually sent to the descrambler etc.

[0097] Once stripped of the packet header, the private section or table data is then routed to a set of prefilters 86 adapted to filter the 8 bytes in the extended header of a table. As shown in Table III, 1 byte of the extended header is associated with the table id, 7 bytes with the CA specific information. The filtering operation is carried out by comparison of the 8 byte pattern in a table with the filter data received from the smart card. Some bits within the
may be masked or ignored in the evaluation. In this embodiment, 32 different patterns are proposed, a subset of these patterns being applied by the prefilters in dependence of the information received from the smart card. If one pattern matches, the section is sent to the FIFO buffer element 87. If no pattern matches, the section is ignored. The filters 86 equally act to extract from the appropriate sections the PMT and CAT table information, which is passed to a FIFO buffer 88.

[0098] Due to the characteristics of the transport layer, the arrival of sections is bursty. The buffer capacity of the buffers 87, 88 must be sufficient to handle an average rate of 5 Mbits/s, with the insert
ular allocation with a possible deviation of ± 25%.

[0099] In order to better understand the invention, a proposed example of operating instructions handled by the section filters 86 will now be outlined.

Filter_all_sections (Filter_id, Target, Mask, Trigger_conditions, p/n)

This command retrieves every section matching the target except masked bits after trigger_conditions occurred.

Filter_next_section (Filter_id, Target, Mask, Trigger_conditions, p/n)

This command retrieves the next section matching the target except masked bits after trigger_conditions occurred. Trigger_conditions are related to other filters previously identified as matching.

Filter_id is an index between 0 and 31, pointing to a filter and an output queue. In addition, it gives the queueing priority, 0 being the highest priority.

Target is an 8 bytes pattern.

Mask is an 8 bytes pattern showing the bits to be masked in the target, value 0 means masked.

Trigger_conditions is a 32 bits bitmap, ORing filter_id triggering that filter. Bit set at 0 means no trigger condition. Self trigger condition is ignored.

p/n is a value, normally set to 1, positive for normal operation as described above. When set to 0 it means negative filtering, i.e., retrieve sections not matching target.

Examples of use:

Example 1:

[0100]

Filter_all_sections(5, 0x8C7C453AA8BBFF00, 0xFF557FFFEEFFFF00, 0, 1)

will capture all EMMs corresponding to matching criteria.

Example 2:

[0101]

Filter_next_section(0, 0x8000000000000000, 0xFF00000000000000, 0, 1)
Filter_next_section(1, 0x8100000000000000, 0xFF00000000000000, 5, 1)
Filter_next_section(2, 0x8000000000000000, 0xFF00000000000000, 3, 1)

will start an ECM capture process with odd/even toggle.

Example 3:

[0102]

Filter_next_section(8, 0xPMT_TID0000Version_number00000000, 0xFF00001F00000000, 0, 0)
Filter_next_section(1, 0x8100000000000000, 0xFF00000000000000, 0x14, 1)
Filter_next_section(2, 0x8000000000000000, 0xFF00000000000000, 0x12, 1)

will start an ECM capture process with odd/even toggle, starting when there is a change in the PMT.
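The target, mask and trigger mechanism of Examples 1 and 2 can be modelled in a few lines of Python. This is an added illustration, not code from the patent; the class and function names are hypothetical. It assumes that bit n of the trigger bitmap refers to filter_id n, that a filter with an empty bitmap is armed at once, that Filter_next_section is one-shot until re-triggered, and that the lowest-numbered matching armed filter takes the section.

```python
from dataclasses import dataclass

ALL, NEXT = "all", "next"        # Filter_all_sections / Filter_next_section

@dataclass
class SectionFilter:
    filter_id: int               # 0..31; also the queue priority (0 = highest)
    target: int                  # 8-byte pattern
    mask: int                    # bit 1 = compare, bit 0 = masked (ignored)
    triggers: int                # bitmap of filter_ids whose match arms this filter
    pn: int = 1                  # 1 = positive, 0 = negative filtering
    mode: str = NEXT
    armed: bool = False

    def __post_init__(self):
        self.triggers &= ~(1 << self.filter_id) & 0xFFFFFFFF  # self trigger ignored
        self.armed = self.triggers == 0    # assumption: no condition = armed at once

    def matches(self, pattern: int) -> bool:
        same = ((pattern ^ self.target) & self.mask) == 0
        return same if self.pn else not same

def pattern_of(section: bytes) -> int:
    """Table id (byte 0) followed by the 7 CA-specific bytes (bytes 3..9)."""
    if len(section) < 10:
        raise ValueError("short-form CA section needs at least 10 bytes")
    return int.from_bytes(section[:1] + section[3:10], "big")

class FilterBank:
    def __init__(self, filters):
        ids = [f.filter_id for f in filters]
        if len(set(ids)) != len(ids) or not all(0 <= i <= 31 for i in ids):
            raise ValueError("filter ids must be unique and in 0..31")
        self.filters = sorted(filters, key=lambda f: f.filter_id)

    def feed(self, section: bytes):
        """Return the id of the filter that captured the section, or None if dropped."""
        pat = pattern_of(section)
        hit = next((f for f in self.filters if f.armed and f.matches(pat)), None)
        if hit is None:
            return None
        if hit.mode == NEXT:
            hit.armed = False              # one-shot until re-triggered
        for f in self.filters:             # arm every filter waiting on this one
            if (f.triggers >> hit.filter_id) & 1:
                f.armed = True
        return hit.filter_id

def ca_section(table_id: int, ca_header: bytes, body: bytes = b"") -> bytes:
    """Constructed sample: table id, 2 flag/length bytes, 7 CA bytes, CA message."""
    length = len(ca_header) + len(body)
    return bytes([table_id, 0x70 | (length >> 8), length & 0xFF]) + ca_header + body

def example2_capture(table_ids):
    """Example 2 of the text: ECM capture with odd/even toggle."""
    bank = FilterBank([
        SectionFilter(0, 0x8000000000000000, 0xFF00000000000000, 0, 1),
        SectionFilter(1, 0x8100000000000000, 0xFF00000000000000, 5, 1),
        SectionFilter(2, 0x8000000000000000, 0xFF00000000000000, 3, 1),
    ])
    return [bank.feed(ca_section(t, bytes(7))) for t in table_ids]
```

Fed a run of repeated ECMs, the bank forwards one section per parity change and drops the repeats in between, which is the reduction in smart card load that the section-level filter is meant to achieve.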
[0103] In terms of communication of CA messages and filter data to and from the smart card 82 and filter unit 80, a standard protocol such as ISO 7816 may be used. Since not all of the data in the filtered private section is required by the smart card 82, the section may be modified and a message of the following format sent to the smart card:

Table id                    8 bits
Zero                        11 bits
Filter id                   5 bits
CA specific header field    56 bits
CA message                  N*8 bits
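As an added illustration (not part of the patent text), the repacking described in [0103] can be written out in Python: the 16 flag and length bits that follow the table id in Table III are replaced by 11 zero bits and the 5-bit filter id, so the header stays 3 bytes long. The function names are hypothetical, and the code assumes the standard MPEG-2 rule that the section length counts the bytes following the length field.

```python
def parse_short_section(section: bytes) -> dict:
    """Split a short-form CA section (Table III layout) into its fields."""
    if len(section) < 3:
        raise ValueError("truncated section header")
    flags_len = int.from_bytes(section[1:3], "big")
    length = flags_len & 0x0FFF              # 12-bit section length
    body = section[3:3 + length]             # ignores stuffing after the section
    if len(body) != length:
        raise ValueError("section shorter than its section length field")
    if length < 7:
        raise ValueError("no room for the 7-byte CA specific header")
    return {
        "table_id": section[0],
        "section_syntax_indicator": flags_len >> 15,
        "private_indicator": (flags_len >> 14) & 1,
        "iso_reserved": (flags_len >> 12) & 3,
        "ca_header": body[:7],
        "ca_message": body[7:],
    }

def card_message(section: bytes, filter_id: int) -> bytes:
    """Build: table id (8) | zero (11) | filter id (5) | CA header (56) | CA message."""
    if not 0 <= filter_id <= 31:
        raise ValueError("filter id is a 5-bit field")
    s = parse_short_section(section)
    if s["section_syntax_indicator"]:
        raise ValueError("long-form section: this layout applies to the short form")
    head = (s["table_id"] << 16) | filter_id   # the 11 zero bits lie in between
    return head.to_bytes(3, "big") + s["ca_header"] + s["ca_message"]

# Constructed sample: EMM table id 0x82, flags 0x7, length 11, CA header, 4-byte message
SAMPLE = bytes.fromhex("82700b" "01020304050607" "deadbeef")
```

The length checks matter because the section arrives from the broadcast stream: a section whose length field overruns the received bytes is rejected rather than forwarded to the card.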



[0104] The meaning of each of these terms will be clear from the above description. In terms of the filter data sent from the smart card 82 to the filter 80, the following format may be used:

Number of filters        Obits
Filtering instruction    5 bits
Filter id                5 bits
Target                   64 bits
Mask                     64 bits
Trigger conditions       SbHs
p/n                      1 bit

Number_of_filters describes the number of filters to be set in this instruction.

Filtering_instruction is describing the type of instruction (filter next section, filter all sections).

Filter_id is an index pointing to a filter and an output queue. In addition, it gives the queueing priority, 0 being the highest priority.

Target is the target pattern.

Mask is a pattern showing the bits to be masked in the target, value 0 means masked.

Trigger_conditions is a bitmap, ORing filter_id triggering that filter. Bit set at 0 means no trigger condition. Self trigger condition is ignored.

p/n is a value, normally set to 1, positive for normal operation as described above. When set to 0 it means negative filtering, i.e., retrieve sections not matching target.

[0105] In practice, communications between the smart card and the receiver/decoder may be subject to a level of encryption or scrambling for security reasons. In particular, communications between the smart card 82 and filter unit 80, as well as the control word stream sent to the descrambler unit 83 may be encoded in this way. Encryption algorithms suitable for this purpose are widely known (RSA, DES etc.).

Claims

1. A decoder adapted to receive a transport packet stream containing table, section or other packetised data encapsulated within the packet payloads and characterised in that the decoder comprises a means for filtering the encapsulated data configurable in response to filter data received from a portable security module.

2. A decoder as claimed in claim 1 in which the means for filtering encapsulated data is configurable in response to filter data comprising at least a table ID or section ID value transmitted by the portable security module.

3. A decoder as claimed in claim 1 or 2 in which the means for filtering encapsulated data is further adapted to forward to the security module conditional access data obtained in accordance with the filter data received from the security module.

4. A decoder as claimed in claim 3 in which conditional access data forwarded to the security module comprises entitlement control messages (ECMs) and/or entitlement management messages (EMMs).

5. A decoder as claimed in claim 3 or 4 in which filter data provided by the security module comprises data used by the filter means to extract group and/or individual entitlement management messages addressed to the security module.

6. A decoder as claimed in any of claims 3 to 6 in which the decoder is adapted to receive a control word generated by the security module in response to the conditional access data forwarded thereto, the control word being used by the decoder to descramble a scrambled transmission.

7. A decoder as claimed in any preceding claim further comprising a means for filtering transport packet data configurable in response to data received from the security module.

8. A decoder as claimed in claim 7, in which the means for filtering transport packet data is configurable in response to data representing the identity of the conditional access system received from the security module.

9. A decoder as claimed in claim 8 in which the transport packet filtering means is adapted
containing a program map table and a conditional access table, the decoder further comprising selection means adapted to receive the program map table and conditional access table from the transport packet filtering means and conditional access identity data from the security module and thereafter configure the transport packet filtering means to extract transport packet data associated with the conditional access system in question.

10. A decoder as claimed in any preceding claim adapted to process encrypt and/or decrypt communications to and from the portable security module.

11. A security module for use with a decoder as claimed in any preceding claim and characterised in comprising a memory means for storing filter data subsequently communicated to the decoder to configure the means for filtering encapsulated data.

12. A security module as claimed in claim 13 comprising a smart card.

13. A method of processing a transport packet stream containing table, section or other packetised data encapsulated within the packet payloads characterised by receiving the transport stream in a decoder and filtering the encapsulated data in response to filter data received from a portable security module.

14. A method of processing a transport packet stream as claimed in claim 13 further comprising generating encapsulated data including conditional access data and filtering at the decoder using the encapsulated data and in response to filter data supplied by the portable security module.



[Fig. 3: figure not reproduced; surviving labels are PID = 0x00, PID = 0x01 and reference numeral 47.]